Five common GDPR myths

The GDPR (General Data Protection Regulation) is a hot topic right now. The regulation comes into effect in May 2018 and will affect all businesses that hold data of EU citizens. Most businesses can be GDPR compliant by mainly using common sense. However, we’ve also produced an eBook about how SharePoint can be a valuable tool in assisting businesses with their data issues. If you have Office 365, then you’ll already have access to SharePoint.

Due to the GDPR being a very dominant topic at the moment, there are lots of scare stories out there about fines and consequences companies will face unless they comply. It’s not just about the fines either – it’s the things companies need to do to be compliant which are also being misunderstood. Below we have some common GDPR-related myths. We’ve debunked them, and hopefully you’ll have a far better understanding of what the GDPR means for you and your business.

After Britain leaves the EU, the GDPR will no longer apply

Because the GDPR constantly refers to the data of “EU citizens”, it’s a common misconception that once Britain leaves the European Union, the rules around the GDPR won’t matter to us. This is a myth. Brexit won’t have an effect on the outcomes of the GDPR.

Only companies in Europe have to deal with the GDPR

Because media around the GDPR constantly refers to the data of “EU citizens”, it’s a common misconception that once Britain leaves the European Union, the rules around the GDPR won’t matter to us. This is a myth. Brexit won’t have an effect on the outcomes of the GDPR.

The GDPR is out to bankrupt you

One of the more memorable aspects of the GDPR is the fines if a company doesn’t comply with the Regulation. The ICO (Information Commissioner’s Office) can impose fines of up to 20 million Euros or 4% of group worldwide turnover (whichever is greater) against both data controllers and data processors. Whilst this is a huge amount of money, it’s not what the ICO are likely to be doing 24 hours a day to businesses all over the UK. Last year (2016/2017) we concluded 17,300 cases. 16 of them resulted in fines for the organisations concerned.

It will almost impossible to get this fine by accident. If you’re outright disregarding the GDPR or failing to notify the ICO of data-privacy breaches then you’ll be more vulnerable to the consequences.

Every single data breach will need to be reported to the ICO…or else!

According to the ICO’s website, “it will be mandatory to report a personal data breach under the GDPR if it’s likely to result in a risk to people’s rights and freedoms. So, if it’s unlikely that there’s a risk to people’s rights and freedoms from the breach, you don’t need to report.”

At the end of the day it comes down to risk. If your company holds sensitive data or data that may affect the rights and freedoms of those of whom it belongs, then you need to reconsider your data protection strategy and make sure your data is suitably risk-assessed.

Reporting data breaches will likely just make your company vulnerable to fines

This comes back to the myth that the ICO is ‘out there to get you’. The fines are reserved for companies who blatantly disregard the law, actively hide data breaches and if/when they do report them, they don’t tell the truth. Reporting a data breach doesn’t necessarily mean you’ve done anything wrong.

One of the main aims of having the necessity to report is to give customers confidence that the companies who have their data also have someone monitoring that data. Not only monitoring it, but looking for patterns and trends in the data and making it more secure. Needing to report data breaches encourages companies to secure their data strategies.

There are many other ways the GDPR is being manipulated to terrify companies (and customers) that data will be forever untouchable. Most of the GDPR is common sense – and most reputable companies will already have plans and processes in place.

If you’re still a bit lost and worried, then have a look at our new eBook. It highlights how you can use SharePoint to help you become GDPR compliant. SharePoint is a reliable and effective tool for data management, and you may already have it right at your fingertips! Click here to find out more.